Re: Is it good practice to set up a nginx behind haproxy with h2 or not ?
On Mon, Feb 5, 2018 at 12:12 AM, Aleksandar Lazic wrote: > Hi. > > > Am 03-02-2018 10:25, schrieb Igor Cicimov: > > On Sat, Feb 3, 2018 at 6:02 PM, wrote: >> >> I need to set up haproxy 1.8.3 as a loadbalancer for several nginx >>> webservers (1.13.x). The haproxy will be set up to support h2 >>> connections. >>> I am undecided if it is a good idea to setup nginx for h2 also. I >>> understand >>> that haproxy will be able to talk to nginx more efficiently, but there >>> is also >>> a downside for the h2 handshake and more complicated protocol in >>> contrast to a >>> simple unencrypted http connection. The content I transfer between >>> haproxy and >>> nginx is absolutely public, so there is no added value or security if I >>> encrypt it. >>> >>> Is it advisable to set up h2 between the two or not ? Criteria would be >>> "less CPU usage" or "less connections between the two components" or even >>> "faster transfer of data between nginx and haproxy" >>> I have not yet come to a conclusion. I understand that for a detailled >>> answer you >>> would need to know more about the servers and type / amount of content >>> transferred. >>> But I am hoping for some general guidance here. >>> >> >> Very good question I had the same dilemma last week with similar case >> like you >> except my backend is Apache2. I decided to go with alpn/h2 in Haproxy and >> h2c in >> Apache (terminating SSL on HAP) hoping for lower latency and better >> performance on >> the clients side due to the benefits of h2. Haven't done any in depth >> testing >> though in order to compare the system utilization with and without h2c in >> Apache. >> The app is PHP and I use PHP5-FPM via fastcgi just to mention it for the >> record. >> I could see faster page loads but how much the h2c in Apache contributed >> to it I >> can't say for sure. More testing is needed and hope I'll get to it >> sometime next week. >> >> One thing confusing though is that all the requests in Haproxy are still >> logged as >> HTTP/1.1 although I was using h2load (and before someone asks, yes it was >> in h2 mode >> for sure) for testing. Not sure if I have missed some setting or is it >> normal behaviour. >> > > In short: haproxy have h2 for the frontends but not for the backends, at > the moment. > > This facts was mentioned in the announcement of haproxy 1.8 > > https://www.mail-archive.com/haproxy@formilux.org/msg28004.html > > ``` > - HTTP/2 (Willy Tarreau) : HTTP/2 is automatically detected and processed > in HTTP frontends negociating the "h2" protocol name based on the ALPN > or NPN TLS extensions. At the moment the HTTP/2 frames are converted to > HTTP/1.1 requests before processing, so they will always appear as 1.1 > in the logs (and in server logs). No HTTP/2 is supported for now on the > backend, though this is scheduled for the next steps. HTTP/2 support is > still considered EXPERIMENTAL, so just like for multi-threading, in > case > of problem you may end up having to disable it for the time it takes to > solve the issue. > ``` > > I know this annoumcment is long with full details, due to this fact I have > read it > several times ;-) > > Hth > Aleks > There we go, thanks Aleksandar that explains it all.
Re: Is it good practice to set up a nginx behind haproxy with h2 or not ?
Hi. Am 03-02-2018 10:25, schrieb Igor Cicimov: On Sat, Feb 3, 2018 at 6:02 PM, wrote: I need to set up haproxy 1.8.3 as a loadbalancer for several nginx webservers (1.13.x). The haproxy will be set up to support h2 connections. I am undecided if it is a good idea to setup nginx for h2 also. I understand that haproxy will be able to talk to nginx more efficiently, but there is also a downside for the h2 handshake and more complicated protocol in contrast to a simple unencrypted http connection. The content I transfer between haproxy and nginx is absolutely public, so there is no added value or security if I encrypt it. Is it advisable to set up h2 between the two or not ? Criteria would be "less CPU usage" or "less connections between the two components" or even "faster transfer of data between nginx and haproxy" I have not yet come to a conclusion. I understand that for a detailled answer you would need to know more about the servers and type / amount of content transferred. But I am hoping for some general guidance here. Very good question I had the same dilemma last week with similar case like you except my backend is Apache2. I decided to go with alpn/h2 in Haproxy and h2c in Apache (terminating SSL on HAP) hoping for lower latency and better performance on the clients side due to the benefits of h2. Haven't done any in depth testing though in order to compare the system utilization with and without h2c in Apache. The app is PHP and I use PHP5-FPM via fastcgi just to mention it for the record. I could see faster page loads but how much the h2c in Apache contributed to it I can't say for sure. More testing is needed and hope I'll get to it sometime next week. One thing confusing though is that all the requests in Haproxy are still logged as HTTP/1.1 although I was using h2load (and before someone asks, yes it was in h2 mode for sure) for testing. Not sure if I have missed some setting or is it normal behaviour. In short: haproxy have h2 for the frontends but not for the backends, at the moment. This facts was mentioned in the announcement of haproxy 1.8 https://www.mail-archive.com/haproxy@formilux.org/msg28004.html ``` - HTTP/2 (Willy Tarreau) : HTTP/2 is automatically detected and processed in HTTP frontends negociating the "h2" protocol name based on the ALPN or NPN TLS extensions. At the moment the HTTP/2 frames are converted to HTTP/1.1 requests before processing, so they will always appear as 1.1 in the logs (and in server logs). No HTTP/2 is supported for now on the backend, though this is scheduled for the next steps. HTTP/2 support is still considered EXPERIMENTAL, so just like for multi-threading, in case of problem you may end up having to disable it for the time it takes to solve the issue. ``` I know this annoumcment is long with full details, due to this fact I have read it several times ;-) Hth Aleks
Re: Is it good practice to set up a nginx behind haproxy with h2 or not ?
On Sat, Feb 3, 2018 at 6:02 PM, wrote: > I need to set up haproxy 1.8.3 as a loadbalancer for several nginx > webservers (1.13.x). The haproxy will be set up to support h2 connections. > I am undecided if it is a good idea to setup nginx for h2 also. I > understand that haproxy will be able to talk to nginx more efficiently, but > there is also a downside for the h2 handshake and more complicated protocol > in contrast to a simple unencrypted http connection. The content I transfer > between haproxy and nginx is absolutely public, so there is no added value > or security if I encrypt it. > > Is it advisable to set up h2 between the two or not ? Criteria would be > "less CPU usage" or "less connections between the two components" or even > "faster transfer of data between nginx and haproxy" > I have not yet come to a conclusion. I understand that for a detailled > answer you would need to know more about the servers and type / amount of > content transferred. But I am hoping for some general guidance here. > > Very good question I had the same dilemma last week with similar case like you except my backend is Apache2. I decided to go with alpn/h2 in Haproxy and h2c in Apache (terminating SSL on HAP) hoping for lower latency and better performance on the clients side due to the benefits of h2. Haven't done any in depth testing though in order to compare the system utilization with and without h2c in Apache. The app is PHP and I use PHP5-FPM via fastcgi just to mention it for the record. I could see faster page loads but how much the h2c in Apache contributed to it I can't say for sure. More testing is needed and hope I'll get to it sometime next week. One thing confusing though is that all the requests in Haproxy are still logged as HTTP/1.1 although I was using h2load (and before someone asks, yes it was in h2 mode for sure) for testing. Not sure if I have missed some setting or is it normal behaviour.
Is it good practice to set up a nginx behind haproxy with h2 or not ?
I need to set up haproxy 1.8.3 as a loadbalancer for several nginx webservers (1.13.x). The haproxy will be set up to support h2 connections. I am undecided if it is a good idea to setup nginx for h2 also. I understand that haproxy will be able to talk to nginx more efficiently, but there is also a downside for the h2 handshake and more complicated protocol in contrast to a simple unencrypted http connection. The content I transfer between haproxy and nginx is absolutely public, so there is no added value or security if I encrypt it. Is it advisable to set up h2 between the two or not ? Criteria would be "less CPU usage" or "less connections between the two components" or even "faster transfer of data between nginx and haproxy" I have not yet come to a conclusion. I understand that for a detailled answer you would need to know more about the servers and type / amount of content transferred. But I am hoping for some general guidance here.